Overview

overview

4

Static

static

�....0.exe

windows7-x64

3

�....0.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    91s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-11-2022 19:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CFӵǽV1.0.exe

  • Size

    684KB

  • MD5

    2dc0552a6ba0aa9768941021afb21def

  • SHA1

    8ec47f8137e1da4372059d867aa9936897c9b1ee

  • SHA256

    9d9e449be3e01e0ee8111d806debf9b77b8a4830d587869bc4737eb084c55b2b

  • SHA512

    6959cf9f03dc9921dd8a506f845d220b66a6034bf17d7566de189dde656e376f422fc7757c242e5381e3d7b8a9036b914ba951c8e44ab08db5c7691a805eae3f

  • SSDEEP

    12288:kn+e95EJcsEFjNqI5W9FeBMv9fnrdj909x:kn+e9BFxqI5WHeOv9frdjez

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CFӵǽV1.0.exe
    "C:\Users\Admin\AppData\Local\Temp\CFӵǽV1.0.exe"
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5036
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3624

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads